Your data stays safe, isolated, and fully under your control.
Every company gets its own environment
Per-company data warehouses
Each customer's business data lives in a dedicated, isolated data warehouse. Cross-tenant queries aren't possible, and your data is never mixed with another company's.
Read-only source connections
Claron connects to your systems using read-only credentials. We never write to, modify, or delete data in your source systems.
You own your data
You can disconnect integrations, export data, or request full deletion at any time. When you ask us to delete your data, we delete it.
Protected at every layer
Encryption in transit
All connections between your browser, our servers, and third-party services use TLS. No data travels in plain text.
Encryption at rest
Stored data is encrypted using AES-256, application databases, data warehouses, and file storage alike.
Sensitive configuration
Credentials and other sensitive configuration are encrypted with a dedicated key before storage. Nothing is stored in plain text; values are only decrypted at the moment of use.
Strict boundaries for users and systems
Role-based permissions
Users belong to companies with specific roles. Every API request is verified against the user's company membership and permission level before processing.
Secure authentication
Authentication uses secure, HTTP-only tokens that browser scripts can't read. Enterprise customers can use single sign-on through their existing identity provider.
Rate limiting and CSRF protection
Authentication endpoints are rate-limited against brute force. All state-changing requests require valid cross-site request forgery tokens.
Built on trusted cloud services
Google Cloud Platform
Infrastructure runs on GCP in the EU region, managed services including Cloud Run, Cloud SQL, and BigQuery, all of which meet SOC 2 and ISO 27001 standards.
Production hardening
Production environments are locked down with strict security defaults. Only the services that need external access are exposed; everything else stays on a private network.
Network controls
API access is restricted to authorized origins. External traffic is filtered, and internal services communicate over private networks.
Controlled access to your data
SQL validation
Every database query passes through comprehensive validation. Data modification, schema changes, and system commands are blocked before execution.
Parameterized queries
User inputs are never interpolated into queries. All values pass through parameterized interfaces that prevent injection attacks.
Scoped data access
Queries are automatically scoped to the requesting company. Users only ever see data that belongs to their organization.
Built for European data standards
GDPR-ready
Claron supports data access requests, data portability, the right to erasure, and consent management. Your data is processed and stored in the EU.
Minimal data sharing
AI features send only structural metadata, column names, table schemas, to AI providers. You choose which features use AI, and can disable them at any time.
Governing law
Claron is built by BeaconBase, a Finnish company. Our terms and data-processing practices are governed by Finnish and EU law.
Have a security question?
We're happy to walk through our security practices in more detail.